[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Eoin eoin.keary at owasp.org
Thu Jun 7 21:13:30 UTC 2012


Why is the cheat sheet not in the reboot list yet!! We could fund awareness, publication and pr efforts!!
Jim??

Eoin Keary
Owasp Global Board
+353 87 977 2988


On 7 Jun 2012, at 21:54, Andy Lewis <alewis at owasp.org> wrote:

> Hi Jim - right now it looks to me like we provide good general
> guidance and references to implementation in specific
> languages/frameworks.  My intention was to 1) promote awareness, and
> 2) solicit additional references for additional specific languages or
> frameworks to make a great cheat sheet even better.
> All the best,
> Andy
> 
> On Thu, Jun 7, 2012 at 11:17 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> What changes to the password storage cheat sheet do you have in mind?
>> I maintain that and other pages in the cheat sheet series.
>> 
>> --
>> Jim Manico
>> (808) 652-3805
>> 
>> On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:
>> 
>>> Nearly all of my LinkedIn groups have some hysterical mention of the
>>> LinkedIn password hash leak.
>>> Few of them mention the fact that the hashes were unsalted.
>>> 
>>> OWASP has answers.  Please join me in promoting those answers by
>>> "Liking" my posts about salt or publishing your own.
>>> 
>>> Here's the message I've been posting (yeah, it COULD be more subtle):
>>> 
>>> <Discussion Field 1>
>>> It's easy to point and laugh at LinkedIn for failing to salt our
>>> passwords, but it's also a good time to remind people about how easy
>>> OWASP has made hashing with salt for some languages:
>>> </Discussion Field 1>
>>> 
>>> <Discussion Field 2>
>>> The references for the CryptoGraphic Cheat Sheet cover salt for java,
>>> php, and .net.
>>> 
>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References
>>> 
>>> Anybody aware of any others?  Now's a good time to update the cheat
>>> sheet references on OWASP's wiki.
>>> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
>>> </Discussion Field 2>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list